Fines for data privacy breaches increase by £1m in one year
Fines for data privacy breaches for UK organisations breached £4m last year, analysis out today has shown.
Research from PwC studied fines that had been handed out by the Information Commissioners Office (ICO) for data protection mishaps, finding that fines rocketed up by more than £1m from 2016’s figures, as 54 organisations were found to have breached rules.
PwC’s findings are out days before the General Data Protection Regulation is introduced, which could see organisations risk fines of up to 4 per cent of global turnover, or €20m (£17.54m) depending on which is higher.
One notable fine came in August 2017, when telco giant TalkTalk were slapped with a £100,000 fine for putting the data of 21,000 subscribers at risk.
Read more: TalkTalk fined for putting 21,000 sets of customer data at scammer risk
Stewart Room, lead partner for GDPR and data protection at PwC, commented:
Our analysis found that almost half of last year’s UK data protection enforcement actions were due to marketing infringements, but security breaches and misusing data for profiling purposes also continued to appear as substantial causes of failure. These are key areas for organisations to be mindful of as we move into this new era for data protection.
The ICO has made it clear, however, that the GDPR is not about the increased fines and the maximum certainly won’t be the norm.
It’s really about putting consumer rights at the heart of today’s data-centred world.